On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote
> On 12/27/2012 10:59 PM, Walter Dnes wrote:
> >
> > Here's my revised "Paranoia Plus" ruleset. Any comments? Because I'm
> > behind a NAT-ing ADSL router/modem, many of my rules rarely see hits.
> > However, I do have a backup dialup connection in case of problems, so
> > most of my rules don't specify the network interface. A couple of
> > notes...
> >
>
> I did a bunch of inline comments below as I was trying to understand the
> rules. At the end I give the tl;dr, but maybe the inline comments are
> useful too.

Thanks. My ruleset has accumulated years of cruft. I should really
sit down and rewrite the thing from square 1. I have one comment. You
show what appears to be a bash script for setting up the rules. I work
with the contents of file /var/lib/iptables/rules-save instead.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications